Infrastructure

This project contains all the Dockerfiles and YAML files used to provision the MindSpore community:

├── development #contains all developing files (helm charts, init scripts, dockerfile)
└── production #contains the final yaml file that will be used in our production environment.   

Components

BASIC: ArgoCD Server

All of the components are deployed via ArgoCD.

Website: https://dev-deploy.mindspore.cn.

NOTE: ArgoCD uses the pod name as the default admin password. To keep it consistent, we patched the password with the following command:

kubectl patch secret -n argocd argocd-secret  -p '{"stringData": { "admin.password": "'$(htpasswd -bnBC 10 "" realpassword | tr -d ':\n')'"}}'

BASIC: Vault Server

The Vault server holds all sensitive secrets used in the infrastructure. To enable TLS support, the certificate secret vault-secret is required:

kubectl create secret generic vault-secret --from-file=./server.key  --from-file=./server.crt -n vault

Website: http://dev-secrets.mindspore.cn.

BASIC: Secrets Manager

It is based on secret manager, which holds and converts all Vault secrets. Secrets manager syncs the specified secrets from the Vault server to k8s Secret resources according to the CRD resource. It uses AppRole to retrieve all secrets, so the appropriate AppRole must be created on Vault manually before deploying:

  1. Enable the Vault AppRole auth method
vault auth enable approle
  2. Create the policy for secrets manager
cat > mindspore-secrets-manager.hcl  <<EOF
path "secret/data/mindspore/*" {
  capabilities = ["read"]
}
EOF
cat mindspore-secrets-manager.hcl | vault policy write mindspore-secrets-manager -
  3. Create the Vault role
vault write auth/approle/role/mindspore-secrets-manager policies=mindspore-secrets-manager secret_id_num_uses=0 secret_id_ttl=0
  4. Get the role ID and secret ID
vault read --field role_id auth/approle/role/mindspore-secrets-manager/role-id
vault write --field secret_id -force auth/approle/role/mindspore-secrets-manager/secret-id
  5. Create the secret for secrets manager
kubectl create secret generic vault-approle-secret --from-literal role_id=<role-id> --from-literal secret_id=<secret-id>
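
A check worth running after the steps above, as an added example that is not part of this repository: it audits the JSON printed by `vault read -format=json auth/approle/role/<name>` and `vault policy list -format=json`, and reports a role whose attached policy name does not match any written policy (Vault accepts such a name and it grants nothing), along with secret IDs that never expire. The function name and the sample JSON are constructed for illustration.

```python
import json


def audit_approle(role_json, policies_json, expected_policy):
    """Return a list of findings for one AppRole role.

    role_json:     output of `vault read -format=json auth/approle/role/<name>`
    policies_json: output of `vault policy list -format=json`
    """
    data = json.loads(role_json)["data"]
    defined = set(json.loads(policies_json))
    # Newer Vault versions report token_policies; older ones report policies.
    attached = set(data.get("token_policies") or data.get("policies") or [])

    findings = []
    for name in sorted(attached - defined):
        # Vault does not validate policy names on a role; unknown ones grant nothing.
        findings.append(f"dangling policy: {name}")
    if expected_policy not in attached:
        findings.append(f"missing policy: {expected_policy}")
    for name in sorted((attached & defined) - {expected_policy, "default"}):
        findings.append(f"extra policy: {name}")
    # 0 means "no limit" for both settings, so the secret ID is valid indefinitely.
    if data.get("secret_id_ttl", 0) == 0 and data.get("secret_id_num_uses", 0) == 0:
        findings.append("secret_id never expires and has unlimited uses")
    return findings


# Constructed sample: the role references a policy name that was never written.
ROLE_JSON = json.dumps({"data": {
    "bind_secret_id": True,
    "secret_id_num_uses": 0,
    "secret_id_ttl": 0,
    "token_policies": ["mindspore-secret-manager"],
}})
POLICIES_JSON = json.dumps(["default", "mindspore-secrets-manager", "root"])

if __name__ == "__main__":
    for finding in audit_approle(ROLE_JSON, POLICIES_JSON, "mindspore-secrets-manager"):
        print(finding)
```
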

Mail System

It's based on Docker mailman, with all components converted to run on k8s.

Website: https://mailweb.mindspore.cn.

MeetingBot System

It records the minutes of all meetings held on #mindspore-discuss and #mindspore-sc; the minutes can be found here.

Jenkins System

It's based on the Jenkins Helm chart; all slave nodes are configured via StatefulSets and register themselves when starting up.

Website: http://build.mindspore.cn for more detail.

Official Website

It's MindSpore's official website; please visit https://www.mindspore.cn

CI Bot System

It's based on Kubernetes' Prow system, but some features are trimmed.

Repo System

There are two containers inside: one is nginx with the fancy index module and the other is an rsync server. Please visit the official repo website.

Clusters

All MindSpore components are now deployed into two HuaweiCloud k8s clusters (CCE). They are:

  1. CCE on cn-north-1, whose nodes are all x86-based

  2. CCE on cn-north-4, whose nodes are all ARM-based